Cyber security in health care: why is the sector at risk?
In recent years, cyber security has become increasingly important for healthcare organizations all over the world. As the industry undergoes intensive digitization, there is a growing need to ensure continuity of patient care and to adequately protect patient data from an expanding number of malicious actors.
In a previous article, we delved into the crucial role played by employees in the pursuit of cyber security. Below, we will shift our focus towards some other cyber security risks faced by health care organizations.
Digitization improves quality of healthcare, but comes with risks
Patients expect the best possible care when it comes to their health, and they are increasingly seeking services that meet the highest quality standards. Thanks to advanced digitization and innovative digital technologies and systems, health care providers are able to deliver the highest quality of services to their patients. Digitization is a valuable tool for health care providers, as it helps to automate tasks and reduce administrative burdens. This enables providers to deliver consistent and timely care while also improving the overall quality of their services.
However, health care institutions often have limited resources and small teams to maintain their digital infrastructure and connected applications. Balancing the complexity of the IT infrastructure against the size of the typically small IT team is crucial, but not easy. The increasing importance of digitization puts growing pressure on the team. “In many organizations, the IT department is responsible for managing a growing and complex blend of on-premises and cloud-based solutions, as well as legacy and standardized SaaS applications”, explains Bart Van Vugt (BowTie Security). “Health care companies frequently rely on external suppliers to install and maintain various applications, such as medical equipment that is connected to the network and becomes part of the general IT infrastructure.”
Deployment of cyber security systems is difficult
The increasing complexity of digital infrastructure in health care institutions not only intensifies the pressure on IT teams, but also demands a higher level of knowledge among team members and requires round-the-clock support to maintain the intricate systems in place.
“These dynamic environments and technical complexities such as legacy systems, multi-cloud and IoT pose significant challenges for implementing end-to-end security measures”, says Van Vugt. “Especially when you know that security threats are becoming more and more sophisticated as well. The resulting complexity in all these areas makes the rollout of cyber security measures a difficult task.”
What makes the health care sector such a big target?
More than any other sector, institutions in health care have access to a wide range of sensitive data. That makes them an interesting target for hackers and cyber criminals, as the confidential data health care institutions store in their centralized databases are worth a lot of money on the dark web. At the same time, health care institutions are currently an easy target. Their personnel may not always have adequate awareness regarding cyber security risks. Additionally, the presence of numerous connected medical devices, many of which may be legacy, creates a vulnerable point of entry for attackers.
“We see a huge need to catch up on the necessary measures to enhance cyber security”, says Van Vugt. “During the COVID-19 pandemic, health care organizations have prioritized providing the best possible care, leaving limited room for advancements or investments in the field of cyber security. At the same time, cyber criminals saw a potential opening as well and escalated their attacks. Luckily, NIS2 will be implemented soon. The new EU directive will force companies to invest in their digital safety, making it more difficult for people with malicious intent to get in. NIS2 will be crucial in securing the sector, because – let’s face it – the threat is very real and possible cyber attacks could have enormous consequences.”
Join our webinar on Cybersecurity in Healthcare
Want to learn more about cyber security and NIS2? Join our webinar on the 16th of March 2023, and discover what the new European directives on cyber security entail for your organization.